Listing of Claims: 



1 . (Previously Presented) A method of enabling a proxy client in a secured 
network to access a target service on behalf of a user, comprising the steps of: 

registering proxy authorization information regarding the user with a trusted 
security server, the proxy authorization information identifying the proxy client and 
an extent of proxy authorization granted the proxy client by the user; 

submitting, by the proxy client, a proxy request to the trusted security server 
requesting access to the target service on behalf of the user; 

comparing, by the trusted security server, the proxy request with the registered 
proxy authorization information of the user to determine whether to grant the proxy 
request; 

issuing, by the trusted security service, a data structure containing 
authentication data recognizable by the target service for authenticating the proxy 
client for accessing the target service on behalf of the user, if it is determined to grant 
the proxy request. 

2. (Original) A method as in claim 1, wherein the data structure is a ticket 
containing a session key for use in a session formed between the proxy client and the 
target service. 
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3. (Previously Presented) A method as in claim 2, wherein the ticket is 
encrypted with a secret key shared by the target service and the trusted security 
server. 

4. (Original) A method as in claim 1, wherein the step of comparing 
determines whether a proxy duration specified by the proxy authorization information 
has expired. 

5. (Original) A method as in claim 1, wherein the step of submitting the 
request includes transmitting a ticket for authenticating the proxy client to the trusted 
security server. 
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6. (Previously Presented) A computer-readable medium having computer- 
executable instruction for a trusted security server to perform the steps: 

storing proxy authorization information from a user for authorizing a proxy 
client to act as a proxy of the user, the proxy authorization information identifying an 
extent of proxy authorization granted the proxy client by the user; 

receiving a proxy request from the proxy client to access a target service on 
behalf of the user; 

determining, based on the stored proxy authorization information of the user, 
whether to grant the proxy request; 

constructing a data structure containing authentication data recognizable by the 
target service for authenticating the proxy client for accessing the target service on 
behalf of the user, if it is determined to grant the proxy request. 

7. (Original) A computer-readable medium as in claim 6, having further 
computer-executable instruction for performing the step of authenticating the user 
based on a password of the user before storing the proxy authorization information. 

8. (Original) A computer-readable medium as in claim 6, wherein the step of 
receiving the proxy request includes authenticating the proxy client based on a ticket 
issued to the proxy client for communicating with the trusted security server. 
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9. (Original) A computer-readable medium as in claim 6, having further 
computer-executable instruction for performing the step of sending the data structure 
to the proxy client for presenting to the target service the authentication of the proxy 
client. 

10. (Original) A computer-readable medium as in claim 6, wherein the data 
structure is encrypted with a key shared by the target service and the trusted security 
server. 

11-17. (Canceled). 

18. (Previously Presented) A method as in claim 1, wherein the extent of 
proxy authorization comprises a restriction on a range of target services that the proxy 
client is authorized to access on behalf of the user. 

19. (Previously Presented) A method as in claim 1, further comprising 
accessing, by the proxy client, the target service, the accessing being in a batch mode 
without user intervention. 
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20. (Previously Presented) A computer-readable medium having computer- 
executable instructions for performing steps: 

receiving a proxy request from a first user to access a target service, wherein 
access to the target service is restricted to a set of one or more users that excludes the 
first user and includes a second user; 

comparing the proxy request with a plurality of proxy authorizations 
maintained in a first data structure to determine whether to grant the proxy request, 
wherein each proxy authorization identifies a user granting proxy authorization, a user 
receiving proxy authorization and an extent of proxy authorization; and 

issuing a second data structure containing data recognizable by the target 
service for authenticating the first user to access the target service as a proxy of the 
second user, if the proxy request is granted. 

21. (Currently Amended) A computer-readable medium as in claim 20, 
wherein of each each proxy authorization comprises a restriction on a range of target 
services that the user receiving proxy authorization is authorized to access on behalf 
of the user granting proxy authorization. 
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22. (Previously Presented) A computer-readable medium as in claim 20, 
wherein each proxy authorization comprises a restriction on a duration that the user 
receiving proxy authorization is authorized to act as a proxy of the user granting 
proxy authorization. 

23. (Previously Presented) A computer-readable medium as in claim 20, 
wherein the second data structure is a ticket containing a key for use in a session 
formed between the first user and the target service. 

24. (Previously Presented) A computer-readable medium as in claim 20, 
further comprising authenticating the first user based on a ticket issued to the first user 
for communicating the proxy request. 

25. (Previously Presented) A computer-readable medium as in claim 20, 
further comprising: 

receiving proxy authorization information regarding a given user; and 
storing proxy authorization information regarding the given user in the first 
data structure. 
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26. (Previously Presented) A computer-readable medium as in claim 25, 
wherein: 

the proxy authorization information regarding the given user is received from 
the given user; and 

the identity of the given user is authenticated. 

27. (Previously Presented) A computer-readable medium as in claim 25, 
wherein: 

the proxy authorization information regarding the given user is received from 
an administrator; and 

the identity of the administrator is authenticated. 
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